Amendments to the Claims:

Re-v.nie d„mYK a o , ct | 0 jt]- below, }h:o iistint: ot ehun- \v,li jopl t tv:e prso: \co;h>k>. vid 
b U-\sl^. of Oa^o.- ?ii siic appbuao^s: 

Listing of Claims:

1. (previously presented) A computer network security system having enforceable
security policy provision comprising:

means for providing variable security policy rule data for distribution to at least one

i V i < i (, *t Uv <, Pi ! i M. ! 1 _ > t I 

of a central security policy rule data distribution source to the variable security policy rule data;
means for storing the digital signature and the variable policy rule data; and
ucUv<<fk uode ;ne-;-5s, ^pcraui e : > coupled to the ^tora^ ^itoin. lor periodically obtaining 
the digital signature and the variable policy rule data from the means for storing, and not from a
forwarded signed message, and for .souK/urn: the variable policy rule data to facilitate unilateral



2 \oro:;r ; ;ih ; he co:np:Uer tsttv.o-k sy^en"* ol' efn;n s therein the locans tor 
protons? sneh^ie.-* esur ■oiorh'.c oic-n^- lor facilitating sekVuoo of \anahle security policy rule 
data. 



ie coihpuki network s\moui id claim I vheteni dK uscan^ uw 
•>k- seean:> policy rule data tV-on a daia file. 



CHi< \oo •• :5-: 1 



prodding provu 



6. (original) The computer network system of claim 1 wherein the network node
means includes: 

means for storing variable policy rule data; and 

means, operatively coupled to the means for storing, for using policy rule analysis data to
decode the variable policy rule data to facilitate security policy enforcement at a network node



n. it-aHe pohvV roke dakt aicut't^ no , :.\ rv.ij t-ata on * pe? apoLo^on tor i p.uraHv . 
>oHvare applseais' supjvrxe )\ at »av. neoAoti nook 

'0, i ^ K i. S ■> J < d\ ^ it > ^ X ! v. w 5s Nil 

■ Jigs*al isiUU'iis*- if ii i f K<. x;i!s;ib:c pohe* sale data s.otc^ ;i oohe> ..eouLaie '.oi JoJnhuK^si ; 
■he ne-^vak tu-iL undei ^muvs <u the nctvo^k uode. 

11. (original) The computer network system of c < 1 \> e < ki v. » *s > s Nt 

the digital signature and the variable policy rule data -stores a nones u m . e \ s ois*t .. i lor 
the network nodes under control of the means for associating. 



16. (previously presented) A method for providing enforceable security
provisions comprising:

providing variable seeurt \ \\ r\ wd 'uti tnin 1 mks i k o 

assoesamrg ; < sj^Ud sua a; v.u *t sun i s. i m 

the variable --^oj.'o ooi;e> iuie data; 

sto"ir.g ire dmna' ^jcnaU ^ I v. ^itp k v. 0 i ' 

ponodiC/U' o|v/,5K';vj ^ s n < ik % < >\ u ruio ■ 

ior\wude<t ^:J N a s^-;ud srsvss av i! s v t_ 1 a v < s ^ ;ta to 
unilateral security policy enforcement.
1 <i » , e "Ux^ x aim 16, wherein the step of providing variable
K — » o 1 k<- o 1 1 h i„i ius *c * ? _ selection of variable security policy rule data. 

sS. — nu^al' 1 lie nictrk-d clarn U\ v-he-jcm pfow-t;og \ji:aHe s^urro |* 
rule data includes facilitating selection of variable security policy rule data on a per network
node basis U-,i policy definition for at least one network node.

19. (original) The method of claim 16, wherein associating a digital signature of a 
central security policy rule data distribution source includes associating a digital signature to the
variable policy rule data to create a policy certificate.

20. (original) The method of claim 16, wherein the step of obtaining the digital 
signature and the variable policy rule data includes:

storing variable policy rule data;

storing policy rule analysis data for evaluating the policy rule data; and 
using the policy rule analysis data to decode the variable policy rule data to facilitate 
unilateral security policy enforcement at a network node level. 

21. (original) The method of claim 16, wherein the variable policy rule data includes
ol ka°* ,~eaaO\ policy identification data, policy rule setting Jat t an: tw*c\ < y\^r /„\on 

data. 



,12 v^jynush I hi.- uvd-od of clasm v-herem tKt \an J-k p^hcj f.sk J\na mdodes 
diUe:Ha. p<-b/> Mle dasa for a piurabt> of ^u*;\\*re .ippneaUoM* supposed ? leas' ^ne 
uv-uu>:s ?vd>.- wkeo.an the :a k-osi v<nc network ^ode nidades -nc;a^ for \>ci!r:i-n^ 
CJ>pU'L5Kipii--- pfv^c^'jiii: eikuta thai 5< acc^iNe h\ the pkifahu -a s«uK\aTC aopheaoosr 

J ; i^or^snak Ui.. me'hod of ekuro u>, vUu-ron ^.e-.ais: uv J i>!U" ^c :w '^ iV .<rd f>e 
\ai:ake ooiicx udodal.i mduces stonap, pehc) cenflcaV :o- ■k-anbaKa ;e >be ^e ! w;k roo." 
under n ut-ol >d me sutwork iiods.es 

24. (original) The method of claim 16, wherein storing the digital signature and the
variable policy rule data includes storing a policy certificate for distribution to the network nodes 
under control of a network server. 

25. - 38. (canceled)

39. (previously presented) The system of Claim 1 wherein the central security policy
rule data distribution source is a certification authority. 

40. (previously presented) The system of Claim 1 wherein the variable policy rule
data includes policy rule data on a per node basis.

41. (new) A computer having enforceable security policy provision comprising:



means for securely obtaining variable policy rule data from a central security policy rule
data distribution source and not from a forwarded signed message;

means, operatively coupled to the means for obtaining, for analyzing the variable policy

rule data;

means, responsive to the means for analyzing the variable policy rule data, for facilitating

wherein the variable policy rule data includes different policy rule data for a plurality of
software applications supported by the computer and wherein the computer includes means for

applications. 

(new) A computer having enforceable security policy provision comprising:
means for securely obtaining variable policy rule data from a central security policy rule

data distribution source and not from a forwarded signed message;

means, operatively coupled to the means for obtaining, for analyzing the variable policy

rule data;

means, responsive to the means for analyzing the variable policy rule data, for facilitating
unilateral security policy enforcement at a network node level based on the variable policy rule
data; and

wbeto n 1 e \aa.e«U. robc\ yih da;a achates r>ohc\ v\h pt-ont; 'at;on d i a as-e w knui= 
*Le ,ne eis tbi pciK\he>dU obt'JU'isj; o^aa^ a diciUs" -/piaUre eoise^p^kh-.u b- the p--'ie> rule 



t^v-^ * \ .storage medum flu- ^turini: pre^ianming rrvrtte{ior> -I at. »>\\-ju rea>; 
a pr -c-..'ssrn> t.oit. »ae«i 5 ire pi'Kc^^i: .ijnt to proMt:e enlbaeabk s^cur.tv iv'ic^ p;<^is;or 1 
.-to; i-s. ^oj^!! eo';.prj.v:ut 

ux>i mcsc^ ivv .-ao,rt„ pii«L-r.ttT!:n;n« m-tru-iions th.it tavi'ttak v--r;ug ^nabk .->ccu3 

seeo-kt riojii.> tor pjogUiVisnu's: u/Hsuetions i.u: fae l:\-.ic pwwo-.ny. the \aru: 

Wvii'iU rvkc v ;ia_ Jata *V: ihatrHiUorj to y„ kv.st omc network nodv. otbes 'kai t.ii-u.;^' 
Uuv^jukJ .m^kv. -I t -s^v !f> la. ihtak nsr-hkual M.-eum\ \h<h^\ ertb-\ea;er. : at a uetv,o;k rk 

wherein the first means for storing programming instructions stores programming
instructions that, when read by a processing unit, causes the processing unit to associate a digital
signature of a central security policy rule data distribution source by associating a digital
signature to a policy rule data to create a policy certificate